Web Application Security News
July 27, 2016
Problems with LastPass security might have been improperly disclosed, putting user passwords at higher risk, but the flaws have already been fixed, with an update rolling out now.
April 12, 2016
Customers with hosted sites will now have WordPress SSL turned on for free by default, thanks to Let's Encrypt certificates, potentially making a large number of websites more secure.
January 22, 2016
The security researcher behind the LostPass phishing attack on LastPass has criticized the company's reaction and responses to his findings.
December 11, 2015
News roundup: Cyber politics in U.S., as leaders attempt to balance access to strong encryption with terror threats. Also: Microsoft's German data centers, SHA-1 deprecation schedule, and more.
Web Application Security Get Started
Bring yourself up to speed with our introductory content
A buffer overflow occurs when a program attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow exploits may enable remote execution of malicious code or denial of service ... Continue Reading
Intuit did it. Etsy did it. Netflix did it. How fast-moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services. Continue Reading
Delays, "no" and "redo that work" cause many developers to avoid IT security. With DevOps, proponents aim to make security at scale everybody's problem. Continue Reading
Evaluate Web Application Security Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company. Continue Reading
Web fraud detection systems are designed to minimize the threat of online payment fraud. While the fraud rate has not been growing, it is still significant and financial institutions take a hit for money lost. Payment fraud detection involves ... Continue Reading
The BREACH attack has been updated to perform faster data theft. Expert Nick Lewis explains the differences in this attack and the threat level for organizations that use Gmail. Continue Reading
Manage Web Application Security
Learn to apply best practices and optimize your operations.
SSL attacks such as Heartbleed, POODLE and Shellshock have placed countless enterprises at risk. Learn how these different attacks work, and how they can be prevented or mitigated. Continue Reading
Enterprises can't avoid dealing with cloud-based application security any longer. Expert Dejan Lukan discusses the challenges and why they're not as bad as they seem. Continue Reading
SSL subscription services are emerging to help enterprises handle the daunting task of SSL certificate management. Expert Michael Cobb discusses the benefits of such a service. Continue Reading
Problem Solve Web Application Security Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Web application security vulnerabilities exist from browser to SSL/TLS. Expert Brad Causey explains how application security testing and Web application firewalls can address this. Continue Reading
Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend against the threat. Continue Reading
Expert Michael Cobb explains the difference between cross-site scripting and cross-site scripting inclusion (XSSI) flaws. Continue Reading